Nato's cyber defence warriors

Nato officials have told the BBC their computers are under constant attack from organisations and individuals bent on trying to hack into their secrets.

The attacks keep coming despite the establishment of a co-ordinated cyber defence policy with a quick-reaction cyber team on permanent standby.

The cyber defence policy was set up after a wave of cyber attacks on Nato member Estonia in 2007, and more recent attacks on Georgia - so what are they defending against and how do they do it?

Tower of Babel

Nato's operational headquarters in Mons is a low, drab three-storey building - part of a sprawling complex set in rolling farmland south of Brussels.

Nato officials refuse to say who they think is behind the attacks

The blue and white flag of the 26-nation alliance flutters in the cold breeze alongside the spangled banner of the EU.

Inside the canteen it is like a Tower of Babel with almost every language of Europe competing to be heard above the clatter of trays and dishes.

Our escort, a German army officer in immaculate uniform, leads us down a corridor to a hushed room where 20 or so military analysts sit hunched over computers; their desert boots and camouflage fatigues strangely out of place for a windowless room in Belgium.

This, explains Chris Evis, is the Incident Management Section, which he heads.

"We face the full gamut of threats. It varies from your kiddie who's just trying to gain street cred amongst his friends to say he's just defaced a Nato system to more focused targeted attacks against Nato information".

Cyber attacks are not new - websites were being hacked into and brought down during the Kosovo war 10 years ago.

Cyber attack can bring down a complete national service, banking, media

Suleyman AnilNato Security Office

But when Estonia came under sustained cyber attack from Russian sympathisers in 2007, the alliance realised it needed a proper cyber defence policy and fast.

Suleyman Anil, a Turkish IT expert from the Nato Security Office is the man driving much of that policy.

"Estonia was the first time, in a large scale, [that we saw] possible involvement of state agencies; that the cyber attack can bring down a complete national service, banking, media... the other particular trait everyone is struggling to deal with... is lots of cyber espionage going on".

Mr Anil reveals that there has been more than one incidence of Nato officials being socially profiled, and then subjected to "targeted trojans".

He explains how their unseen adversaries gather as much information as possible about the individual then send them an email purporting to come from a friend or a relative.

Trojan horse

If they open the attachment then a sophisticated "worm" or "trojan" can, in theory, take over their computer, scan its files, send them on, delete them, or perhaps most damagingly, alter them without the user knowing.

This sort of activity goes on every day in the commercial world but for a military organisation like Nato there are obvious risks.

Chris Evis is at pains to point out that any material classified as "secret" is transmitted only internally, by secure intranet, rather than using the world wide web.

The gravest cyber threat to Nato is somebody altering the data without our knowing about it and finding out too late in the action

Chris EvisIncident Management Section, Nato

But what happens, I ask, when someone mistakenly sends secret material over the internet?

The answer, it seems, is sitting in the corner of the room.

An Italian sergeant, who looks young enough to still be at school, is painstakingly scanning emails that have been automatically quarantined because they contain buzzwords like "Nato secret".

A glance over his shoulder reveals emails to and from Sarajevo, Baghdad and Kabul, evidence of Nato's newly expanded horizons.

They look innocuous enough and most of the time, explains the sergeant, it is a false alarm but sometimes even quite senior officers have transgressed and they get a serious talking to about online security.

Serious threats

When it comes to cyber espionage, Nato officials refuse to say who they think is behind the attacks, in fact our escorts can hardly wait to steer us off the subject.

Even if they were certain that they were originating, say, in China or Russia, it would be very hard for them to prove, so tortuous is the trail in cyberspace.

Instead, Chris Evis is happy to talk about how the threat is being tackled, explaining that they have a number of analysts who are constantly reviewing information, looking for the more serious threats.

"We have [about] 100 sensors at the moment deployed at something close to 30 different sites across the Nato countries... one of these sensors could be on the east coast of the United States, one could be in London, one could be in Iraq and a number of them could be in Afghanistan. All that information is simultaneously feeding back to us at the centre here."

So is cyber warfare the future of warfare?

Chris Evis says he believes it will be a factor within any future conflict.

"I think the gravest cyber threat to Nato is somebody altering the data without our knowing about it and [our] finding out too late in the action," he says.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.